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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

2, Claims 1-3, 6-10, 12-15, 18-22, and 24 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Letwin BP 0 574 032 Al. 

Regarding claim 1, Letwin anticipates a data processing apparatus, comprising: 

a processor operable in a plurality of modes and a plurality of domains, said plurality of 
domains comprising a secure domain and a non-secure domain, said plurality of modes including 
at least one non-secure mode being a mode in the non-secure domain and at least one secure 
mode being a mode in the secure domain (col. lines 19-24, and col. 6 lines 42-50), said processor 
being operable such that when executing a program in a secure mode said program has access to 
secure data which is not accessible when said processor is operating in a non-secure mode (col. 4 
lines 17-36); 

a memory operable to store data required by the processor (col. 7 lines 15-21) and 
comprising secure memory for storing secure data and non-secure memory for storing non- 
secure data (col. 4 lines 17-36, and col. 7 lines 15-21), the memory containing a non-secure table 
and a secure table (col. 4 lines 5-16 and fig. 3), the non-secure table being within the non-secure 
memory and arranged to contain for each of a number of first memory regions an associated 
descriptor (col. 9 lines 51 -col. 10 lines 53), and the secure table being within the secure memory 
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and arranged to contain for each of a number of second memory regions an associated descriptor 
(col. 9 lines 51 -col. 1 1 lines 12); and 

a memory management unit operable, upon receipt of a memory access request issued by 
the processor when access to an item of data in the memory is required, to perform one or more 
predetermined access control functions to control issuance of the memory access request to the 
memory, the memory management unit comprising an internal storage unit operable to store 
descriptors retrieved by the memory management unit from either the non-secure table or the 
secure table (coL 10 lines 6-53), and the internal storage unit comprising a flag associated with 
each descriptor stored (col. 7 lines 6-27) within the internal storage unit to identify whether that 
descriptor is from said non-secure table or said secure table (col. 7 lines 6-27, fig. 3, and col, 1 1 
lines 12-58); 

when the processor is operating in said at least one non-secure mode, the memory 
management unit being operable to perform the predetermined access control functions for the 
memory access request with reference to access control information derived from the descriptors 
in the internal storage unit retrieved from the non-secure table (col. 10 lines 6-col. 1 1 lines 58), 
and when the processor is operating in said at least one secure mode, the memory management 
unit being operable to perform the predetermined access control functions for the memory access 
request with reference to access control information derived from the descriptors in the internal 
storage unit retrieved from the secure table (col. 10 lines 6-col. 1 1 lines 58, and col. 20 lines 29- 
40). 
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Regarding claim 13, Letwin anticipates a method of managing access to a memory in a data 
processing apparatus, the data processing apparatus comprising a processor operable in a 
plurality of modes and a plurality of domains, said plurality of domains comprising a secure 
domain and a non-secure domain, said plurality of modes including at least one non-secure mode 
being a mode in the non-secure domain and at least one secure mode being a mode in the secure 
domain (col. lines 19-24, and col. 6 lines 42-50), said processor being operable such that when 
executing a program in a secure mode said program has access to secure data which is not 
accessible when said processor is operating in a non-secure mode (col. 4 lines 17-36), the 
memory being operable to store data required by the processor (col. 7 lines 15-21) and 
comprising secure memory for storing secure data and non-secure memory for storing non- 
secure data, the memory containing a non-secure table and a secure table (col. 4 lines 17-36, and 
col. 7 lines 15-21), the non-secure table being within the non-secure meniory and arranged to 
contain for each of a number of first memory regions an associated descriptor (col. 9 lines 51- 
col. 10 lines 53), and the secure table being within the secure memory and arranged to contain 
for each of a number of second memory regions an associated descriptor (col. 9 lines 51 -col, 1 1 
lines 12), the method comprising the steps of: 

(i) issuing from the processor a memory access request when access to an item of data in the 
memory is required (col. 4 lines 2-16); 

(ii) determining whether an internal storage of a memory management unit contains a required 
descriptor from which access control information can be derived to enable the memory 
management unit to perform one or more predetermined access control functions to control 
issuance of the memory access request to the memory (col. 4 lines 2-36); 
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(iii) in the event that the required descriptor is not contained within the internal storage unit, 
retrieving from either the non-secure table or the secure table, depending on the mode of 
operation of the processor, the required descriptor, storing that required descriptor within the 
internal storage unit, and setting a flag to be associated with that required descriptor within the 
internal storage unit to identify whether that required descriptor is from said non-secure table or 
said secure table (col. 7 lines 2-28, and col. 10 lines 6-53); and 

(iv) using the access control information derived from the required descriptor to perform within 
the memory management unit one or more predetermined access control functions to control 
issuance of the memory access request to the memory (col. 4 lines 2-58); such that when the 
processor is operating in said at least one non-secure mode, the memory management unit 
performs the predetermined access control functions for the memory access request with 
reference to access control information derived from the descriptors in the internal storage unit 
retrieved from the non-secure table (col. 10 lines 6-col. 1 1 lines 58), and when the processor is 
operating in said at least one secure mode, the memory management unit performs the 
predetermined access control functions for the memory access request with reference to access 
control information derived from the descriptors in the internal storage unit retrieved from the 
secure table (col. 10 lines 6-col. 1 1 lines 58, col. 20 lines 29-40 and fig. 3). 

Regarding claims 2 and 14, Letwin further discloses a data processing apparatus/method, 
wherein in said at least one non-secure mode the processor is operable under the control of a 
non-secure operating system, and in said at least one secure mode the processor is operable under 
the control of a secure operating system, and wherein the descriptors in the non-secure table are 



Application/Control Number: 10/714,521 Page 6 

Art Unit: 2136 

generated by the non-secure operating system and the descriptors in the secure table are 
generated by the secure operating system (col. 10 lines 6-col. 1 1 lines 58). 

Regarding claims 3 and 15, Letwin further discloses data processing apparatus/method, wherein 
the memory access request specifies a virtual address, and one of said predetermined access 
control functions comprises conversion of the virtual address to a physical address, each 
descriptor containing at least a virtual address portion and a corresponding physical address 
portion for the corresponding memory region (fig. 3, fig. 10 lines 34-53, and fig. 4). 

Regarding claims 6 and 18, Letwin discloses a data processing apparatus/method, wherein the 
non-secure table comprises a plurality of non-secure tables, each non-secure table containing 
descriptors pertaining to an associated process executable on the processor, the secure table 
comprises a plurality of secure tables, each secure table containing descriptors pertaining to an 
associated process executable on the processor, and the internal storage unit comprises an 
additional flag associated with each descriptor stored within the internal storage unit to identify 
the associated process to which that descriptor pertains (col, 10 lines 34-53 and col. 7 lines 6-20). 

Regarding claims 7 and 19 data processing apparatus/method, wherein when the memory 
management unit needs to access the internal storage unit to derive access control information 
for use in performing the predetermined access control functions, the memory management unit 
determines from the flag and the additional flag for each descriptor in the internal storage unit 
whether the internal storage unit contains a descriptor that corresponds to the current mode of 
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operation of the processor and the current process being executed on the processor (col. 7 lines 
6-20). 

Regarding claims 8 and 20 data processing apparatus, further comprising partition checking logic 
managed by the secure operating system, and operable whenever the memory access request is 
issued by the processor when operating in said non-secure mode to detect if the memory access 
request is seeking to access the secure memory, and upon such detection to prevent the access 
specified by that memory access request (col. 20 lines 29-40). 

Regarding claims 9 and 21 Letwin discloses a data processing apparatus/method, wherein the 
partition checking logic is operable, when the processor is operating in said at least one non- 
secure mode, to prevent the internal storage unit from storing access control information that 
would allow access to said secure memory (col.20 lines 27-58). 

Regarding claims 10 and 22, Letwin discloses a data processing apparatus/method wherein the 
memory access request specifies a virtual address, and one of said predetermined access control 
functions comprises conversion of the virtual address to a physical address, each descriptor 
containing at least a virtual address portion and a corresponding physical address portion for the 
corresponding memory region (fig. 3, fig. 10 lines 34-53, and fig. 4), and wherein the partition 
checking logic is operable, when the processor is operating in said at least one non-secure mode, 
to prevent the internal storage unit from storing as access control information the physical 
address portion if the physical address that would then be produced for the virtual address is 
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within the secure memory (col. 20 lines 27-58). 
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Regarding claims 12 and 24, Letwin further teaches a data processing apparatus/method, wherein 
the memory access request specifies a virtual address, and one of said predetermined access 
control functions comprises conversion of the virtual address to a physical address, each 
descriptor containing at least a virtual address portion and a corresponding physical address 
portion for the corresponding memory region (fig. 3, fig. 10 lines 34-53, and fig. 4), and wherein 
in the event that a descriptor within the non-secure table is associated with a memory region that 
at least partially incorporates a part of the secure memory, the partition checking logic is 
operable, when the processor is operating in non-secure mode, to prevent the internal storage unit 
firom storing as access control information the physical address portion specified by that 
descriptor if the physical address that would then be produced for the virtual address is within the 
secure memory (col. 20 lines 27-58). 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the . 
manner in which the invention was made. 

4. Claims 4-5, 1 1, 16-17, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Letwin 0574032 Al in view of Ellison et al. USPN 6,678,825 Bl. 
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Regarding claims 4, 1 1, 23 and 16 Letwin discloses a data processing apparatus, wherein the 
internal storage unit comprises a main buffer operable to store the descriptors retrieved from the 
non-secure table or the secure table (fig. 3), and a buffer operable to store as access control 
information the physical address portions obtained from corresponding descriptors in the buffer 
for a number of corresponding virtual address portions, the memory management unit being 
operable to perform the conversion of the virtual address to the physical address with reference 
to the content of the buffer (col. 10 lines 6-col. 1 1 lines 58); wherein the memory access request 
specifies a virtual address, and one of said predetermined access control functions comprises 
conversion of the virtual address to a physical address, each descriptor containing at least a 
virtual address portion and a corresponding physical address portion for the corresponding 
memory region (fig. 3, fig. 10 lines 34-53, and fig. 4), and wherein the partition checking logic is 
operable, when the processor is operating in said at least one non-secure mode, to prevent the 
transfer of a physical address portion from the main buffer to the buffer that would allow access 
to said secure memory (col. 1 1 lines 13-56). Letwin fails to explicitly disclose the translation 
buffers are translation lookaside buffer (TLB) and micro-TLB. However Ellison et al. discloses a 
translation buffers are translation lookaside buffer (TLB) and micro-TLB in a method of 
processor access control comprising a normal execution mode and isolated execution mode, and 
an access translation (see fig. 2A, col. 2 lines 65-col. 3 lines 9, col. 10 lines 50-col. 1 1 lines 19, 
and abstract). Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to combine the teachings of Ellison within the system of Letwin 
because they are analogous in processor data access control. One would have been motivated to 
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incorporate the teachings of Ellison because TLB buffer memory is well known at the time of the 
invention for processor data storage. 

Regarding claims 5 and 17 the combination discloses a data processing apparatus/method, 
wherein the micro-TLB is flushed (fig. IE and col. 6 lines 41-56) whenever the mode of 
operation of the processor changes between a secure mode and a non-secure mode, in the secure 
mode physical address portions only being transferred to the micro-TLB from a descriptor in the 
main TLB that said associated flag indicates is from the secure table, and in the non-secure mode 
physical address portions only being transferred to the micro-TLB from a descriptor in the main 
TLB that said associated flag indicates is from the non-secure table (Letwin coL 10 lines 6-53, 
and Ellison see fig. 2A, col. 2 lines 65-col. 3 lines 9, col. 10 lines 50-col. 1 1 lines 19). The 
rational for combining are the same as claim 4 above. 

Conclusion r 
5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser R. Moazzami can be reached on (571) 272-4195. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding tiie status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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